EP2047412B1 - Information storage medium and information storage medium processing apparatus - Google Patents
Information storage medium and information storage medium processing apparatus Download PDFInfo
- Publication number
- EP2047412B1 EP2047412B1 EP07768408.2A EP07768408A EP2047412B1 EP 2047412 B1 EP2047412 B1 EP 2047412B1 EP 07768408 A EP07768408 A EP 07768408A EP 2047412 B1 EP2047412 B1 EP 2047412B1
- Authority
- EP
- European Patent Office
- Prior art keywords
- communication unit
- communication
- card
- unit
- processing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000012545 processing Methods 0.000 title claims description 85
- 238000004891 communication Methods 0.000 claims description 176
- 238000012795 verification Methods 0.000 claims description 56
- 230000004044 response Effects 0.000 claims description 14
- 238000000034 method Methods 0.000 claims description 12
- 230000008569 process Effects 0.000 claims description 6
- 230000010365 information processing Effects 0.000 claims description 4
- 238000012790 confirmation Methods 0.000 description 10
- 238000013500 data storage Methods 0.000 description 4
- 238000010586 diagram Methods 0.000 description 4
- 101000911772 Homo sapiens Hsc70-interacting protein Proteins 0.000 description 3
- 101001139126 Homo sapiens Krueppel-like factor 6 Proteins 0.000 description 3
- 101000710013 Homo sapiens Reversion-inducing cysteine-rich protein with Kazal motifs Proteins 0.000 description 3
- 101000661807 Homo sapiens Suppressor of tumorigenicity 14 protein Proteins 0.000 description 3
- 230000002159 abnormal effect Effects 0.000 description 3
- 108090000237 interleukin-24 Proteins 0.000 description 3
- 101000760620 Homo sapiens Cell adhesion molecule 1 Proteins 0.000 description 2
- 230000009471 action Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 101000661816 Homo sapiens Suppression of tumorigenicity 18 protein Proteins 0.000 description 1
- 102100025292 Stress-induced-phosphoprotein 1 Human genes 0.000 description 1
- 101710140918 Stress-induced-phosphoprotein 1 Proteins 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 238000004904 shortening Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/77—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
Definitions
- One embodiment of the invention relates to an information storage medium which incorporates a nonvolatile data memory, and an IC (integrated circuit) chip having control elements such as a CPU and the like, and is so-called an IC card. Also, another embodiment of the invention relates to an information storage medium processing apparatus which writes and reads out data to and from such information storage medium, and is so-called an IC card reader/writer.
- JP-A 2003-168092 proposes an IC card compatible to transmission protocols of contact and non-contact communications.
- This IC card can be used in both contact and non-contact modes. That is, the IC card receives commands from an external device in both the contact and non-contact modes, and checks if the commands are received in the contact or non-contact mode. Then, the IC card executes an application program corresponding to the commands, and outputs the execution result to the external device. This IC card extracts command information included in fields of commands received from the external device, so that the application program is accessible to the extracted command information.
- the commands can be reliably transferred to the application program while absorbing the difference between the transmission protocols of the contact and non-contact modes, and the command execution results can be reliably transmitted (output) to the external device.
- JP-A 2004-78444 proposes an IC card that allows, via one of contact and non-contact access control means, access to a data storage area corresponding to the other access control means.
- a non-contact data file link file required to access a non-contact data file, and a non-contact authentication link file used to acquire an authentication key required to access a contact data file are prepared in a contact data storage area.
- authentication for the non-contact mode is done based on the non-contact authentication link file. If the authentication is OK, the data file in the non-contact data storage area is accessed based on the non-contact file link file.
- the specific secret data in the card is protected by a method of "encrypting commands/responses as data in communications and further appending a signature", or a method of "complicating conditions required to access secret information".
- JP-A 2003-132313 discloses a technique for selectively using the communication schemes of a combined card in accordance with security levels. That is, the communication schemes of the combined card are selectively used in accordance with the importance of security, that of shortening of a communication processing time, that of an easy communication action, the frequency of the communication action, and the like.
- the security of the IC card is not high enough by only the aforementioned measures, and further security measures are demanded.
- An IC card comprises a first communication unit configured to communicate with an IC card processing apparatus in a contact state, a second communication unit configured to communicate with the IC card processing apparatus in a non-contact state, a storage unit configured to store information, and an execution unit configured to execute predetermined processing based on the information stored in the storage unit using information processing results of both the first communication unit and the second communication unit, wherein the execution unit executes authentication processing for the predetermined processing by a communication with one of the first communication unit and the second communication unit, and executes authentication processing for the predetermined processing by a communication with the other of the first communication unit and the second communication unit, the execution unit executes the predetermined processing under a condition that both the first communication unit and the second communication unit have succeeded in authentication processing for the predetermined processing, and wherein each authentication processing includes verifying a verification key, said keys being stored by the IC card before said both authentication processings.
- An IC card processing apparatus comprises a first communication unit configured to communicate with an IC card in a contact state, a second communication unit configured to communicate with the IC card in a non-contact state, and a request unit configured to request the IC card to execute predetermined processing via information processing by both the first communication unit and the second communication unit, wherein the request unit executes authentication processing for the predetermined processing by both the first communication unit and the second communication unit and requests the predetermined processing, and wherein each authentication processing includes verifying a verification key, said keys being stored by the IC card before said both authentication processings.
- FIG. 1 is a schematic block diagram showing the arrangement of an IC card according to an embodiment of the present invention.
- an IC card 1 comprises a CPU 11, ROM 12, RAM 13, nonvolatile memory (EEPROM) 14, co-processor 15, UART (Universal Asynchronous Receiver/Transmitter) 16, and antenna 17.
- EEPROM nonvolatile memory
- UART Universal Asynchronous Receiver/Transmitter
- the CPU 11 executes a specific command.
- the UART 16 serves as a contact communication I/F.
- the antenna 17 serves as a non-contact communication I/F.
- the IC card 1 permits access to a specific storage area (ROM 12 or nonvolatile memory 14) under the condition that the access is authenticated in both a first communication protocol using the contact communication I/F (contact protocol) and a second communication protocol using the non-contact communication I/F (non-contact protocol), and executes specific command processing.
- FIG. 3 is a schematic block diagram showing the arrangement of an IC card reader/writer according to the embodiment of the invention.
- an IC card reader/writer 2 comprises a CPU 21, ROM 22, RAM 23, nonvolatile memory 24, co-processor 25, UART 26, and antenna 27.
- the CPU 21 executes a specific command.
- the UART 26 serves as a contact communication I/F.
- the antenna 27 serves as a non-contact communication I/F. With these I/Fs, the IC card reader/writer 2 requires authentication processing in the contact protocol using the contact communication I/F and the non-contact protocol using the non-contact communication I/F, and further requests specific command processing.
- a plurality of routes of the communication data are prepared to make exploration of the communication data by an ill-disposed person difficult.
- the security of the IC card is enhanced by a plurality of communication means in addition to the methods of encrypting communication data, appending a signature, and complicating access to secret information.
- the IC card 1 stores applications A and B.
- secret key A, verification key a , verification key b , application data, and the like are present in application A.
- the IC card 1 stores secret key A, verification key a , verification key b , application data, and the like.
- This secret key A is an important secret key which is used to generate a signature in the application, and is inhibited from being read out externally, and only a card issuer can update (rewrite) the secret key.
- the card issuer can update secret key A only when he or she verifies verification key a . by the contact protocol and verification key b by the non-contact protocol.
- FIG. 4 is a flowchart showing a first example of communication processing by a plurality of communication means.
- the secret key is updated to A' and can be used.
- the first example of the aforementioned communication processing can be practiced by, e.g., modifying it as follows.
- FIG. 5 is a flowchart for explaining the second example of the communication processing using the plurality of communication means.
- the secret key is updated to A' and can be used.
- FIG. 6 is a flowchart showing the first example of a communication error.
- FIG. 7 is a flowchart showing the second example of a communication error.
- the CPU 11 of the IC card 1 checks if the processes are executed based on the prescribed processing order stored in the ROM 12 or the like, and determines an error if the processes are not executed based on the prescribed processing order. For example, assume that verification of verification key b using the non-contact protocol after that of verification key a using the contact protocol is determined as the prescribed processing order. Under this prescription, a communication error will be explained.
- the aforementioned second example of a communication error may erase establishment of the condition "contact & verification key a " stored in ST43 based on the determination result in ST44 indicating that the condition is not established.
- this embodiment is as follows.
- the IC card determines the authenticity of processing based on both the result of authentication (verification) itself and the type of protocol of a command that prompts execution. That is, the IC card determines, as independent authentication (verification) results, the result authenticated (verified) by a specific command of the non-contact protocol via the non-contact communication I/F and the result authenticated (verified) by a specific command of the contact protocol via the contact communication I/F, and then permits the following operations when both the commands normally terminate:
Description
- One embodiment of the invention relates to an information storage medium which incorporates a nonvolatile data memory, and an IC (integrated circuit) chip having control elements such as a CPU and the like, and is so-called an IC card. Also, another embodiment of the invention relates to an information storage medium processing apparatus which writes and reads out data to and from such information storage medium, and is so-called an IC card reader/writer.
- In recent years, non-contact IC cards have been improved, and can be used more conveniently. At the same time, since information is wirelessly transmitted from non-contact IC cards, leakage of information during communications is an issue. For this reason, IC cards (combined cards) which are compatible to both contact and non-contact communications have gotten a lot of attention.
-
JP-A 2003-168092 -
JP-A 2004-78444 - Nowadays, since various non-contact IC cards and contact IC cards such as ETC cards and the like have prevailed, readers/writers for these non-contact and contact IC cards have also prevailed, and the general user can check communication data between an IC card and reader/writer.
- Of course, it is not easy for the user to directly access specific secret data in the card if he or she can check the communication data. The specific secret data in the card is protected by a method of "encrypting commands/responses as data in communications and further appending a signature", or a method of "complicating conditions required to access secret information".
-
JP-A 2003-132313 - However, the security of the IC card is not high enough by only the aforementioned measures, and further security measures are demanded.
- It is an object of the invention to provide an information storage medium and an information storage medium processing apparatus which are excellent in security.
- An IC card according to one embodiment of the invention comprises a first communication unit configured to communicate with an IC card processing apparatus in a contact state, a second communication unit configured to communicate with the IC card processing apparatus in a non-contact state, a storage unit configured to store information, and an execution unit configured to execute predetermined processing based on the information stored in the storage unit using information processing results of both the first communication unit and the second communication unit, wherein the execution unit executes authentication processing for the predetermined processing by a communication with one of the first communication unit and the second communication unit, and executes authentication processing for the predetermined processing by a communication with the other of the first communication unit and the second communication unit, the execution unit executes the predetermined processing under a condition that both the first communication unit and the second communication unit have succeeded in authentication processing for the predetermined processing, and wherein each authentication processing includes verifying a verification key, said keys being stored by the IC card before said both authentication processings.
- An IC card processing apparatus according to one embodiment of the invention comprises a first communication unit configured to communicate with an IC card in a contact state, a second communication unit configured to communicate with the IC card in a non-contact state, and a request unit configured to request the IC card to execute predetermined processing via information processing by both the first communication unit and the second communication unit, wherein the request unit executes authentication processing for the predetermined processing by both the first communication unit and the second communication unit and requests the predetermined processing, and wherein each authentication processing includes verifying a verification key, said keys being stored by the IC card before said both authentication processings.
- Additional advantages of the invention will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. The advantages of the invention may be realized and obtained by means of the instrumentalities and combinations particularly pointed out hereinafter.
-
-
FIG. 1 is a schematic block diagram showing the arrangement of an IC card according to an embodiment of the invention; -
FIG. 2 is a view showing the presence of applications A and B in the IC card according to the embodiment; -
FIG. 3 is a schematic block diagram showing the arrangement of an IC card reader/writer according to the embodiment; -
FIG. 4 is a flowchart showing a first example of communication processing by a plurality of communication means; -
FIG. 5 is a flowchart showing a second example of communication processing by a plurality of communication means; -
FIG. 6 is a flowchart showing a first example of a communication error; and -
FIG. 7 is a flowchart showing a second example of a communication error. - One embodiment of the invention will described hereinafter with reference to the accompanying drawings.
-
FIG. 1 is a schematic block diagram showing the arrangement of an IC card according to an embodiment of the present invention. As shown inFIG. 1 , anIC card 1 comprises aCPU 11,ROM 12,RAM 13, nonvolatile memory (EEPROM) 14,co-processor 15, UART (Universal Asynchronous Receiver/Transmitter) 16, andantenna 17. - The
CPU 11 executes a specific command. The UART 16 serves as a contact communication I/F. Theantenna 17 serves as a non-contact communication I/F. With these I/Fs, theIC card 1 permits access to a specific storage area (ROM 12 or nonvolatile memory 14) under the condition that the access is authenticated in both a first communication protocol using the contact communication I/F (contact protocol) and a second communication protocol using the non-contact communication I/F (non-contact protocol), and executes specific command processing. -
FIG. 3 is a schematic block diagram showing the arrangement of an IC card reader/writer according to the embodiment of the invention. As shown inFIG. 3 , an IC card reader/writer 2 comprises aCPU 21, ROM 22,RAM 23,nonvolatile memory 24,co-processor 25,UART 26, andantenna 27. - The
CPU 21 executes a specific command. The UART 26 serves as a contact communication I/F. Theantenna 27 serves as a non-contact communication I/F. With these I/Fs, the IC card reader/writer 2 requires authentication processing in the contact protocol using the contact communication I/F and the non-contact protocol using the non-contact communication I/F, and further requests specific command processing. - In this embodiment, in order to prevent leakage of communication data, a plurality of routes of the communication data are prepared to make exploration of the communication data by an ill-disposed person difficult. For example, the security of the IC card is enhanced by a plurality of communication means in addition to the methods of encrypting communication data, appending a signature, and complicating access to secret information.
- Details of communications using a plurality of communication means will be described below. In the
IC card 1, applications A and B are present, as shown inFIG. 2 . That is, theIC card 1 stores applications A and B. For example, secret key A, verification key a, verification key b, application data, and the like are present in application A. That is, theIC card 1 stores secret key A, verification key a, verification key b, application data, and the like. This secret key A is an important secret key which is used to generate a signature in the application, and is inhibited from being read out externally, and only a card issuer can update (rewrite) the secret key. The card issuer can update secret key A only when he or she verifies verification key a. by the contact protocol and verification key b by the non-contact protocol. -
FIG. 4 is a flowchart showing a first example of communication processing by a plurality of communication means. - ST11: The contact communication I/F (UART 26) of the reader/
writer 2 activates theIC card 1 via the contact I/F (UART 16) of theIC card 1, thus setting theIC card 1 in a communicable state using the contact protocol (e.g., T = 1 protocol). - ST12: The contact communication I/F of the reader/
writer 2 executes a SELECT FILE command so as to select application A in theIC card 1 using the contact protocol. In theIC card 1, application A is assigned to a current application in the contact protocol. - ST13: The non-contact communication I/F (antenna 27) of the reader/
writer 2 sets a communicable state using the non-contact protocol (e.g., T = CL protocol) of theIC card 1 via the non-contact I/F (antenna 17) of theIC card 1. - ST14: The non-contact communication I/F of the reader/
writer 2 executes a SELECT FILE command so as to select application A in theIC card 1 using the non-contact protocol. In theIC card 1, application A is assigned to a current application in the non-contact protocol. - ST15: The contact communication I/F of the reader/
writer 2 verifies verification key a by a Verify command using the contact protocol. Application A starts verification after confirmation of the authenticity of the command. When two requirements: "the verification result is authentic" and "the Verify command is transmitted in the contact protocol" are met, theIC card 1 stores establishment of the condition "contact & verification key a", and the contact communication I/F of theIC card 1 returns a normal termination response to that of the reader/writer 2. - ST16: The non-contact communication I/F of the reader/
writer 2 verifies verification key b by a Verify command using the non-contact protocol. Application A starts verification after confirmation of the authenticity of the command. When two requirements: "the verification result is authentic" and "the Verify command is transmitted in the non-contact protocol" are met, theIC card 1 stores establishment of the condition "non-contact & verification key b", and the non-contact communication I/F of theIC card 1 returns a normal termination response to that of the reader/writer 2. - ST17: The contact communication I/F of the reader/
writer 2 executes an Update Key command using the contact protocol so as to update secret key A. - ST18: Application A confirms whether or not both the conditions "contact & verification key a" and "non-contact & verification key b" are established after confirmation of the authenticity of the command. If both the conditions are established, secret key A is updated to new secret key A' derived from data included in the received command, and the contact communication I/F of the
IC card 1 returns a normal termination response to that of the reader/writer 2. - After that, the secret key is updated to A' and can be used.
- Note that the first example of the aforementioned communication processing can be practiced by, e.g., modifying it as follows.
- (1) The order of the contact communications in STI1 and ST12 and the non-contact communications in ST13 and ST14 may be replaced. That is, after execution of the non-contact communications in ST13 and ST14, the contact communications in ST11 and ST12 may be executed.
- (2) The order of the contact communication in ST15 and the non-contact communication in ST16 may be replaced. That is, after execution of the non-contact communication in ST16, the contact communication in ST15 may be executed.
- (3) The contact communication in ST17 may be implemented by a non-contact communication.
- The second example of the communication processing using the plurality of communication means will be described below.
FIG. 5 is a flowchart for explaining the second example of the communication processing using the plurality of communication means. - ST21: The contact communication I/F (UART 26) of the reader/
writer 2 activates theIC card 1 via the contact I/F (UART 16) of theIC card 1, thus setting theIC card 1 in a communicable state using the contact protocol (e.g., T = 1 protocol). - ST22: The contact communication I/F of the reader/
writer 2 executes a SELECT FILE command so as to select application A in theIC card 1 using the contact protocol. In theIC card 1, application A is assigned to a current application in the contact protocol. - ST23: The contact communication I/F of the reader/
writer 2 verifies verification key a by a Verify command using the contact protocol. Application A starts verification after confirmation of the authenticity of the command. When two requirements: "the verification result is authentic" and "the Verify command is transmitted in the contact protocol" are met, theIC card 1 stores establishment of the condition "contact & verification key a", and the contact communication I/F of theIC card 1 returns a normal termination response to that of the reader/writer 2. Then, theIC card 1 is deactivated. - ST24: The non-contact communication I/F (antenna 27) of the reader/
writer 2 activates theIC card 1 via the non-contact I/F (antenna 17) of theIC card 1, and sets it in a communicable state using the non-contact protocol (e.g., T = CL protocol) of theIC card 1. - ST25: The non-contact communication I/F of the reader/
writer 2 executes a SELECT FILE command so as to select application A in theIC card 1 using the contact protocol. In theIC card 1, application A is assigned to a current application in the non-contact protocol. - ST26: The non-contact communication I/F of the reader/
writer 2 verifies verification key b by a Verify command using the non-contact protocol. Application A starts verification after confirmation of the authenticity of the command. When two requirements: "the verification result is authentic" and "the Verify command is transmitted in the non-contact protocol" are met, theIC card 1 stores establishment of the condition "non-contact & verification key b", and the non-contact communication I/F of theIC card 1 returns a normal termination response to that of the reader/writer 2. Then, theIC card 1 is deactivated. - ST27: The contact communication I/F of the reader/
writer 2 activates theIC card 1 via the contact I/F of theIC card 1, and executes an Update Key command using the contact protocol so as to update secret key A. - ST28: Application A confirms whether or not both the conditions "contact & verification key a" and "non-contact & verification key b" are established after confirmation of the authenticity of the command. If both the conditions are established, secret key A is updated to new secret key A' derived from data included in the received command, and the contact communication I/F of the
IC card 1 returns a normal termination response to that of the reader/writer 2. - After that, the secret key is updated to A' and can be used.
- Note that the second example of the aforementioned communication processing can be practiced by, e.g., modifying it as follows.
- (1) The order of the contact communications in ST21, ST22, and ST23 and the non-contact communications in ST24, ST25, and ST26 may be replaced. That is, after execution of the non-contact communications in ST24, ST25, and ST26, the contact communications in ST21, ST22, and ST23 may be executed.
- (2) The contact communication in ST27 may be implemented by a non-contact communication.
- (3) After the normal termination response is returned in ST26, the process may advance to the update processing in ST27 without deactivating the
IC card 1. - A case corresponding to a communication error will be described below with reference to
FIG. 6. FIG. 6 is a flowchart showing the first example of a communication error. - ST31: The contact communication I/F (UART 26) of the reader/
writer 2 activates theIC card 1 via the contact I/F (UART 16) of theIC card 1, thus setting a communicable state using the contact protocol (e.g., T = 1 protocol). - ST32: The contact communication I/F of the reader/
writer 2 executes a SELECT FILE command so as to select application A in theIC card 1 using the contact protocol. In theIC card 1, application A is assigned to a current application in the contact protocol. - ST33: The contact communication I/F of the reader/
writer 2 verifies verification key a by a Verify command using the contact protocol. Application A starts verification after confirmation of the authenticity of the command. When two requirements: "the verification result is authentic" and "the Verify command is transmitted in the contact protocol" are met, theIC card 1 stores establishment of the condition "contact & verification key a", and the contact communication I/F of theIC card 1 returns a normal termination response to that of the reader/writer 2. - ST34: The contact communication I/F of the reader/
writer 2 executes an Update Key command using the contact protocol so as to update secret key A. Application A confirms whether or not both the conditions "contact & verification key a" and "non-contact & verification key b" are established after confirmation of the authenticity of the command. In this case, however, application A cannot confirm establishment of both the conditions. That is, since verification of verification key b by the non-contact protocol does not terminate normally, application A determines that the conditions required to update secret key A are not established, and the contact communication I/F of theIC card 1 returns an abnormal termination response to that of the reader/writer 2 without updating secret key A. - Furthermore, another case corresponding to a communication error will be described below with reference to
FIG. 7. FIG. 7 is a flowchart showing the second example of a communication error. - The
CPU 11 of theIC card 1 checks if the processes are executed based on the prescribed processing order stored in theROM 12 or the like, and determines an error if the processes are not executed based on the prescribed processing order. For example, assume that verification of verification key b using the non-contact protocol after that of verification key a using the contact protocol is determined as the prescribed processing order. Under this prescription, a communication error will be explained. - ST41: The contact communication I/F (UART 26) of the reader/
writer 2 activates theIC card 1 via the contact I/F (UART 16) of theIC card 1, thus setting a communicable state using the contact protocol (e.g., T = 1 protocol). - ST42: The contact communication I/F of the reader/
writer 2 executes a SELECT FILE command so as to select application A in theIC card 1 using the contact protocol. In theIC card 1, application A is assigned to a current application in the contact protocol. - ST43: The contact communication I/F of the reader/
writer 2 verifies verification key a by a Verify command using the contact protocol. In application A, verification is started after the authenticity of the command is confirmed. When two requirements: "the verification result is authentic" and "the Verify command is transmitted in the contact protocol" are met, theIC card 1 stores establishment of the condition "contact & verification key a", and the contact communication I/F of theIC card 1 returns a normal termination response to that of the reader/writer 2. - ST44: The contact communication I/F of the reader/
writer 2 verifies verification key b by a Verify command using the contact protocol. Application A starts verification after confirmation of the authenticity of the command. When two requirements: "the verification result is authentic" and "the Verify command is transmitted in the non-contact protocol" are met, theIC card 1 stores establishment of the condition "non-contact & verification key b". In this case, however, since these two requirements are not met, application A determines that the condition is not established. Based on the determination result of application A, the contact communication I/F of theIC card 1 returns an abnormal termination response to that of the reader/writer 2. - ST45: The contact communication I/F of the reader/
writer 2 executes an Update Key command using the contact protocol so as to update secret key A. Application A confirms whether or not both the conditions "contact & verification key a" and "non-contact & verification key b" are established after confirmation of the authenticity of the command. In this case, however, application A cannot confirm establishment of both the conditions. That is, since verification of verification key b by the non-contact protocol does not terminate normally, application A determines that the conditions required to update secret key A are not established, and the contact communication I/F of theIC card 1 returns an abnormal termination response to that of the reader/writer 2 without updating secret key A. - Note that the aforementioned second example of a communication error may erase establishment of the condition "contact & verification key a" stored in ST43 based on the determination result in ST44 indicating that the condition is not established.
- This embodiment will be summarized below.
- (1) When the IC card is activated by one of the contact and non-contact I/Fs and authentication is executed, the IC card holds the contents of the authentication in the nonvolatile memory. After the IC card is temporarily deactivated, when it is activated by the other I/F and authentication is executed, the IC card determines that the security conditions are established when the authentication processes by the two I/Fs have succeeded, and permits access from the I/F in connection.
- (2) The IC card makes communications while switching the contact and non-contact I/Fs. The IC card determines that the security conditions are established when the authentication processes by the two I/Fs have successively succeeded, and permits accesses from the two I/Fs.
- (3) When a procedure other than the prescribed authentication procedure ((1) or (2) above) is executed, the IC card immediately determines that the security conditions are not established as well as the intermediate authentication result, and denies access.
- More specifically, this embodiment is as follows.
- The IC card determines the authenticity of processing based on both the result of authentication (verification) itself and the type of protocol of a command that prompts execution. That is, the IC card determines, as independent authentication (verification) results, the result authenticated (verified) by a specific command of the non-contact protocol via the non-contact communication I/F and the result authenticated (verified) by a specific command of the contact protocol via the contact communication I/F, and then permits the following operations when both the commands normally terminate:
- 1) to update security status of the overall card and to access specific data in the card;
- 2) to update security status in a DF and to access specific data under the DF;
- 3) to update security status in the DF and to execute a specific command under the DF;
- 4) to update security status in an application, and to access specific data under the application; and
- 5) to update security status in the application and to execute a specific command under the application.
- Additional advantages and modifications will readily occur to those skilled in the art. Therefore, the invention in its broader aspects is not limited to the specific details and representative embodiments shown and described herein. Accordingly, various modifications may be made without departing from the spirit or scope of the general inventive concept as defined by the appended claims and their equivalents.
Claims (10)
- An IC card (1) comprising:a first communication unit (16) configured to communicate with an IC card processing apparatus in a contact state;a second communication unit (17) configured to communicate with the IC card processing apparatus in a non-contact state;a storage unit (12, 14) configured to store information; andan execution unit (11) configured to execute predetermined processing based on the information stored in the storage unit using information processing results of both the first communication unit and the second communication unit,wherein the execution unit (11) executes authentication processing for the predetermined processing by a communication with one of the first communication unit and the second communication unit, and executes authentication processing for the predetermined processing by a communication with the other of the first communication unit and the second communication unit,the execution unit executes the predetermined processing under a condition that both the first communication unit and the second communication unit have succeeded in authentication processing for the predetermined processing, andwherein each authentication processing includes verifying a verification key (a b), said keys being stored by the IC card before said both authentication processings.
- An IC card according to claim 1, wherein the execution unit (11) is activated by a communication with one of the first communication unit and the second communication unit to execute authentication processing for the predetermined processing, stores an authentication processing result in the storage unit, and is deactivated, and the execution unit is activated by a communication with the other of the first communication unit and the second communication unit to execute authentication processing for the predetermined processing, and stores an authentication processing result in the storage unit, and the execution unit executes the predetermined processing under a condition that the two authentication processing results stored in the storage unit indicate successful authentication.
- An IC card according to claim 2, wherein the execution unit (11) determines as an error authentication processing by the first communication unit and the second communication unit that does not correspond to a prescribed authentication processing order of the first communication unit and the second communication unit, and does not permit execution of the predetermined processing.
- An IC card according to claim 3, wherein when the execution unit (11) stores the authentication processing result in the storage unit via the communication with one of the first communication unit and the second communication unit, and the same communication unit executes a communication again, the execution unit deletes the authentication processing result stored in the storage unit.
- An IC card according to claim 1, wherein the execution unit (11) is activated by a communication with at least one of the first communication unit and the second communication unit, executes authentication processing for the predetermined processing using both the first communication unit and the second communication unit by switching the first communication unit and the second communication unit, stores authentication processing results in the storage unit, and executes the predetermined processing under a condition that the two authentication processing results stored in the storage unit indicate successful authentication.
- An IC card according to claim 1, wherein the storage unit (12, 14) stores a secret key, and
the execution unit updates the secret key in response to an update request of the secret key under a condition that the authentication processes of both the first communication unit and the second communication unit have succeeded. - An IC card processing apparatus (2) comprising:a first communication unit (26) configured to communicate with an IC card (1) in a contact state;a second communication unit (27) configured to communicate with the IC card (1) in a non-contact state; anda request unit (21) configured to request the IC card (1) to execute predetermined processing via information processing by both the first communication unit and the second communication unit,wherein the request unit (21) executes authentication processing for the predetermined processing by both the first communication unit and the second communication unit and requests the predetermined processing, andwherein each authentication processing includes verifying a verification key, said keys being stored by the IC card (1) before said both authentication processings.
- An apparatus according to claim 7, wherein the request unit (21) activates IC card medium by a communication with one of the first communication unit and the second communication unit to execute authentication processing for the predetermined processing, activates le card by a communication with the other of the first communication unit and the second communication unit to execute authentication processing for the predetermined processing, and requests the predetermined processing.
- An apparatus according to claim 8, wherein the request unit (21) executes the authentication processing based on a prescribed authentication processing order of the first communication unit and the second communication unit.
- An apparatus according to claim 7, wherein the request unit (21) activates IC card by a communication with at least one of the first communication unit and the second communication unit, executes authentication processing for the predetermined processing using both the first communication unit and the second communication unit by switching the first communication unit and the second communication unit, and requests the predetermined processing.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2006205129A JP4960034B2 (en) | 2006-07-27 | 2006-07-27 | Information storage medium and information storage medium processing apparatus |
PCT/JP2007/063939 WO2008013066A1 (en) | 2006-07-27 | 2007-07-06 | Information storage medium and information storage medium processing apparatus |
Publications (3)
Publication Number | Publication Date |
---|---|
EP2047412A1 EP2047412A1 (en) | 2009-04-15 |
EP2047412A4 EP2047412A4 (en) | 2011-09-14 |
EP2047412B1 true EP2047412B1 (en) | 2015-06-17 |
Family
ID=38981379
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
EP07768408.2A Active EP2047412B1 (en) | 2006-07-27 | 2007-07-06 | Information storage medium and information storage medium processing apparatus |
Country Status (4)
Country | Link |
---|---|
US (1) | US20090184799A1 (en) |
EP (1) | EP2047412B1 (en) |
JP (1) | JP4960034B2 (en) |
WO (1) | WO2008013066A1 (en) |
Families Citing this family (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP4420296B2 (en) * | 2007-11-19 | 2010-02-24 | フェリカネットワークス株式会社 | Information processing apparatus, information processing method, and program |
CN102105845B (en) * | 2008-05-26 | 2013-03-27 | Sk电信有限公司 | Memory card supplemented with wireless communication module, terminal for using same, memory card including WPAN communication module, and WPAN communication method using same |
JP2009289104A (en) * | 2008-05-30 | 2009-12-10 | Dainippon Printing Co Ltd | Security device with function for detecting trouble attack |
JP5235764B2 (en) * | 2009-04-16 | 2013-07-10 | 株式会社日立製作所 | IC chip and information processing apparatus equipped with the same |
CA2722980C (en) | 2009-12-01 | 2019-01-08 | Inside Contactless | Process for controlling access to a contactless interface in a contact and contactless double communication interface integrated circuit |
US9094830B2 (en) * | 2012-07-05 | 2015-07-28 | Blackberry Limited | Managing data transfer across a network interface |
JP6398193B2 (en) * | 2014-01-06 | 2018-10-03 | 凸版印刷株式会社 | Portable electronic medium and input / output control method |
Family Cites Families (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2694168B2 (en) * | 1988-08-08 | 1997-12-24 | 共同印刷株式会社 | IC card |
JPH0726774Y2 (en) * | 1989-05-09 | 1995-06-14 | シャープ株式会社 | IC card, reader / writer, and IC card device |
DE69501327T3 (en) * | 1994-03-24 | 2005-12-22 | Minnesota Mining And Mfg. Co., Saint Paul | Biometric personal authentication system |
US6097292A (en) * | 1997-04-01 | 2000-08-01 | Cubic Corporation | Contactless proximity automated data collection system and method |
US6003014A (en) * | 1997-08-22 | 1999-12-14 | Visa International Service Association | Method and apparatus for acquiring access using a smart card |
JP2001060259A (en) * | 1999-08-24 | 2001-03-06 | Dainippon Printing Co Ltd | Composite ic card and ic card forgery detection system |
JP3954271B2 (en) * | 2000-03-16 | 2007-08-08 | 本田技研工業株式会社 | Memory rewriting system for vehicle control device |
JP2003132313A (en) * | 2001-10-24 | 2003-05-09 | Toshiba Corp | Lsi for combination card, combination card, and using method for combination card |
JP3863011B2 (en) | 2001-11-29 | 2006-12-27 | シャープ株式会社 | Combination type IC card, control method therefor, and system program therefor |
JP2004046408A (en) * | 2002-07-10 | 2004-02-12 | Kenwood Corp | Hybrid ic card, method for controlling same and portable telephone set |
JP3737462B2 (en) * | 2002-07-30 | 2006-01-18 | ソニー・エリクソン・モバイルコミュニケーションズ株式会社 | Information processing system, information communication terminal and method, information processing device and method, recording medium, and program |
JP3933003B2 (en) * | 2002-07-30 | 2007-06-20 | 株式会社日立製作所 | IC card and payment terminal |
JP3698693B2 (en) | 2002-08-14 | 2005-09-21 | 株式会社エヌ・ティ・ティ・データ | Access control apparatus and computer program thereof |
US6776339B2 (en) * | 2002-09-27 | 2004-08-17 | Nokia Corporation | Wireless communication device providing a contactless interface for a smart card reader |
JP4480382B2 (en) * | 2003-10-27 | 2010-06-16 | 文化シヤッター株式会社 | Switching system |
WO2006072978A1 (en) * | 2005-01-05 | 2006-07-13 | Fujitsu Limited | Authentication system in information processing device using mobile device |
JP2007094935A (en) * | 2005-09-30 | 2007-04-12 | Omron Corp | Information processing device, method, system, and program, and recording medium |
US7614551B2 (en) * | 2005-10-31 | 2009-11-10 | Veritec, Inc. | Method and system for securely encoding and decoding biometric data into a memory device using a two dimensional symbol |
JP2007317170A (en) * | 2006-04-28 | 2007-12-06 | Renesas Technology Corp | Ic module and cellular phone |
-
2006
- 2006-07-27 JP JP2006205129A patent/JP4960034B2/en active Active
-
2007
- 2007-07-06 EP EP07768408.2A patent/EP2047412B1/en active Active
- 2007-07-06 WO PCT/JP2007/063939 patent/WO2008013066A1/en active Application Filing
-
2009
- 2009-01-26 US US12/359,770 patent/US20090184799A1/en not_active Abandoned
Also Published As
Publication number | Publication date |
---|---|
WO2008013066A1 (en) | 2008-01-31 |
EP2047412A4 (en) | 2011-09-14 |
EP2047412A1 (en) | 2009-04-15 |
US20090184799A1 (en) | 2009-07-23 |
JP2008033547A (en) | 2008-02-14 |
JP4960034B2 (en) | 2012-06-27 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US5288978A (en) | Mutual authentication system and method which checks the authenticity of a device before transmitting authentication data to the device | |
EP2047412B1 (en) | Information storage medium and information storage medium processing apparatus | |
US8804959B2 (en) | Communication device, communication method, and communication system | |
US5379344A (en) | Smart card validation device and method | |
EP0440158B1 (en) | Mutual authentication system | |
AU2008248013B2 (en) | Dynamically programmable RFID transponder | |
EP2229653B1 (en) | System and method for updating read-only memory in smart card memory modules | |
US7886970B2 (en) | Data communicating apparatus and method for managing memory of data communicating apparatus | |
US7428992B2 (en) | Secure device and system for issuing IC cards | |
JP2007532984A (en) | Semiconductor memory | |
JP4240851B2 (en) | PIN code identification device and PIN code identification method | |
JP5459845B2 (en) | Portable electronic device, method for controlling portable electronic device, and IC card | |
JP2007141113A (en) | Ic card having biometrics authentication function and ic card program | |
JP2003006582A (en) | Ic card processing system and ic card processing method | |
JP2002024790A (en) | Information processing system, portable electronic device, and key changing method | |
JP4476658B2 (en) | Portable electronic device, electronic processing system, and electronic processing method | |
JP2002342734A (en) | Portable electronic equipment and its history data storing method | |
JP4899499B2 (en) | IC card issuing method, IC card issuing system, and IC card | |
JP2002024785A (en) | Ic card and reader/writer | |
JP7380603B2 (en) | Secure device, command execution management method, and IC chip | |
JP2003067679A (en) | Portable electronic device and data write method therefor | |
JP2000113121A (en) | Portable electronic equipment and method for initializing portable electronic equipment | |
JP2000207506A (en) | Non-contact type ic card system | |
AU651584B2 (en) | Smart card validation device and method | |
JP2022069184A (en) | Ic card, command management method for ic card, and microcontroller for ic card |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PUAI | Public reference made under article 153(3) epc to a published international application that has entered the european phase |
Free format text: ORIGINAL CODE: 0009012 |
|
17P | Request for examination filed |
Effective date: 20090106 |
|
AK | Designated contracting states |
Kind code of ref document: A1 Designated state(s): AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IS IT LI LT LU LV MC MT NL PL PT RO SE SI SK TR |
|
AX | Request for extension of the european patent |
Extension state: AL BA HR MK RS |
|
DAX | Request for extension of the european patent (deleted) | ||
RBV | Designated contracting states (corrected) |
Designated state(s): FR |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: 8566 |
|
A4 | Supplementary search report drawn up and despatched |
Effective date: 20110817 |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: H04L 9/32 20060101ALI20110810BHEP Ipc: G06K 19/07 20060101ALI20110810BHEP Ipc: G06K 19/073 20060101AFI20110810BHEP Ipc: G06F 21/24 20060101ALI20110810BHEP Ipc: G06K 17/00 20060101ALI20110810BHEP |
|
17Q | First examination report despatched |
Effective date: 20121210 |
|
REG | Reference to a national code |
Ref country code: DE Ref legal event code: R079 Free format text: PREVIOUS MAIN CLASS: G06K0019073000 Ipc: G06F0021770000 |
|
RIC1 | Information provided on ipc code assigned before grant |
Ipc: G06F 21/77 20130101AFI20141021BHEP |
|
GRAP | Despatch of communication of intention to grant a patent |
Free format text: ORIGINAL CODE: EPIDOSNIGR1 |
|
INTG | Intention to grant announced |
Effective date: 20150112 |
|
GRAS | Grant fee paid |
Free format text: ORIGINAL CODE: EPIDOSNIGR3 |
|
GRAA | (expected) grant |
Free format text: ORIGINAL CODE: 0009210 |
|
AK | Designated contracting states |
Kind code of ref document: B1 Designated state(s): FR |
|
PLBE | No opposition filed within time limit |
Free format text: ORIGINAL CODE: 0009261 |
|
STAA | Information on the status of an ep patent application or granted ep patent |
Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT |
|
26N | No opposition filed |
Effective date: 20160318 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 10 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 11 |
|
REG | Reference to a national code |
Ref country code: FR Ref legal event code: PLFP Year of fee payment: 12 |
|
PGFP | Annual fee paid to national office [announced via postgrant information from national office to epo] |
Ref country code: FR Payment date: 20230523 Year of fee payment: 17 |